Exception Handling in Control Systems

D.A. van Beek

This thesis deals with the required concepts and
mechanisms for exception handling in control systems.

There is much confusion in the literature about
the meaning of exceptions and the relationship of exceptions and
errors. In this thesis, the most important terms relating to
errors and exceptions are accurately defined, while retaining a
high level of compatibility with the way these terms are used in
the literature.

A treatment is presented of the most important
concepts relating to the three stages of error handling: error
detection, error diagnosis and confinement, and error recovery
and fault repair. Only forward error recovery is covered in this
thesis.

Several satisfactory and more or less similar
exception handling mechanisms exist for the handling of internal
exceptions. These mechanisms and a traditional mechanism are
briefly evaluated. The resume response from an exception handler
is rejected as being undesirable in both single and multi-process
environments.

A literature search has yielded several proposals
and existing mechanisms for exception handling in controlling
systems or, more generally, in a multi-process environment. No
publications, however, have been found which describe the essence
of the required functionality of such mechanisms. Therefore,
'constraint of an operation' and 'constraint violation' have been
introduced as new concepts. The constraint of an operation is
that part of its precondition which is invariant over the
operation: it has to be valid throughout the execution of the
operation. A violation of an operation's constraint causes an
exception occurrence in the process executing the operation and
should result in the raising of an exception.

The concepts constraint and constraint violation
have been used to describe the required functionality of
mechanisms for the handling of exceptions in controlling systems.
Several existing and proposed mechanisms have been evaluated
against this functionality. Each was found either to offer
functionality that is too restricted for controlling systems, to
offer incorrect or undesirable functionality, or to be inadequate
in other ways.

A new mechanism for the handling of constraint
violations has been introduced. The mechanism has been realized
by means of constraint monitors which are used to specify and
monitor constraints of operations independently of other
operations, which is an important requirement for the creation of
modular subprograms. A constraint monitor bound to a single
operation can also be used to specify a constraint which is
common to several operations.

A constraint monitor is bound to an operation,
and consists of a constraint and an exception. The violation of
the constraint which is monitored by a constraint monitor results
in the creation of a pending exception. The exception is not
immediately raised, since this can result in time-dependent
run-time errors due to violations of the internal invariants of a
process. Pending exceptions are raised at interaction points,
which are natural places for internal invariants to hold, but
they are not raised in exception handlers.

Several constraints can be violated at the same
time by concurrently executing processes. This can result in more
than one pending exception in a process. Some criteria for the
selection of a pending exception have been evaluated. The pending
exception that should be selected is the one belonging to the
constraint monitor which was enabled first, and thus at the
outermost level. The other pending exceptions can be discarded.
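A toy model of the mechanism described above, added here as an illustration and not code from the thesis or from Process Calculus. It assumes a constraint is a boolean predicate checked explicitly by the process, that monitor names double as exception names, and that the shared plant state is a constructed dictionary; the selection rule picks the first-enabled monitor and discards the rest, and no exception is raised while the process is inside a handler.

```python
from dataclasses import dataclass
from typing import Callable

class ConstraintViolation(Exception):
    """Raised at an interaction point for the selected pending exception."""

@dataclass
class ConstraintMonitor:
    name: str                       # name of the exception this monitor raises
    constraint: Callable[[], bool]  # must hold throughout the monitored operation
    enabled_at: int                 # enable order; lowest value = outermost level

class Process:
    """One controlling process with nested constraint monitors (hypothetical model)."""
    def __init__(self):
        self.monitors, self.pending, self.in_handler, self._clock = [], [], False, 0

    def enable(self, name, constraint):
        """Bind a monitor to the operation that is about to start."""
        self._clock += 1
        self.monitors.append(ConstraintMonitor(name, constraint, self._clock))

    def check_constraints(self):
        """Evaluate every enabled constraint; a violation only creates a pending exception."""
        for monitor in self.monitors:
            if not monitor.constraint() and monitor not in self.pending:
                self.pending.append(monitor)

    def interaction_point(self):
        """Raise the pending exception of the first-enabled monitor; never inside a handler."""
        if self.in_handler or not self.pending:
            return
        chosen = min(self.pending, key=lambda m: m.enabled_at)
        self.pending.clear()  # the other pending exceptions are discarded
        raise ConstraintViolation(chosen.name)

def transport_scenario():
    """Constructed scenario: two constraints violated before one interaction point."""
    plant = {"belt_running": True, "sensor_ok": True}  # constructed shared plant state
    proc = Process()
    proc.enable("BeltStopped", lambda: plant["belt_running"])  # outer operation's constraint
    proc.enable("SensorFault", lambda: plant["sensor_ok"])     # nested operation's constraint
    plant.update(belt_running=False, sensor_ok=False)  # other processes violate both
    proc.check_constraints()  # two pending exceptions, nothing raised yet
    raised = "none"
    try:
        proc.interaction_point()
    except ConstraintViolation as exc:
        raised = str(exc)
    return raised, len(proc.pending)
```

Running `transport_scenario()` yields the outermost exception name with an empty pending list, while a process whose `in_handler` flag is set leaves its pending exceptions untouched.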

The only systems considered are systems that can
be modeled as discrete event systems.

The new mechanism is independent of a particular
programming language. The functionality of the mechanism
therefore deals with the common requirements of languages for the
control of industrial systems. Language-specific elements are not
treated.

Constraint monitors have been successfully
implemented in Process Calculus, which is a language for the
specification, simulation and control of industrial systems. The
simplicity and power of the new mechanism are illustrated with a
case concerning the control of a transport system.

PhD thesis, Eindhoven University of Technology, The Netherlands, 1993.